On September 10, 2015, the Second Circuit Court of Appeals ruled in Berman v. Neo@Ogilvy LLC that an employee who reports an alleged securities violation only to his or her employer, and not to the SEC, is nevertheless covered by the anti-retaliation protections afforded by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”).

Berman, a former finance director of Neo@Ogilvy, claimed that his employer and its corporate parent, WPP Group USA, Inc., violated the whistleblower protections of Dodd-Frank by wrongfully terminating him for raising concerns internally about business practices that allegedly constituted accounting fraud. The companies moved to dismiss the claim, arguing that Berman was not a whistleblower subject to protection under Dodd-Frank because he did not report the alleged violations to the SEC. The District Court agreed.

In a 2-1 decision, the Second Circuit reversed the District Court’s decision on appeal. The Court found that the provisions of Dodd-Frank are ambiguous as to whether an employee who reports an alleged violation internally, but not to the SEC, qualifies as a whistleblower. On the one hand, Section 21F(a)(6) of Dodd-Frank limits the definition of “whistleblower” to include only those individuals who provide information relating to an alleged securities violation to the SEC. Yet, on the other hand, Section 21F(h)(1)(A) of Dodd-Frank’s retaliation protection provision prohibits retaliation against individuals who make disclosures that are, inter alia, required or protected under the Sarbanes-Oxley Act of 2002 (“SOX”), and SOX protects employees who make internal complaints of suspected securities laws violations without reporting them to outside agencies.

Finding that these were conflicting statutory provisions, the Court deferred to the SEC’s interpretation of the statute, under which an individual is a “whistleblower” if he or she provides information pursuant to Section 21F(h)(1)(A) of Dodd-Frank, which, as explained above, prohibits retaliation against employees for making internal complaints that would be protected by SOX. Accordingly, the Court held that under SEC Rule 21F-2, “Berman is entitled to pursue Dodd-Frank remedies for alleged retaliation after his report of wrongdoing to his employer, despite not having reported to the Commission before his termination.”

Judge Dennis Jacobs, dissenting, opined that Dodd-Frank is “unambiguous”: Section 21F(a)(6) is controlling because it defines who is a “whistleblower” under the relevant section of the statute and expressly provides that only those who report to the SEC can qualify. Judge Jacobs pointed out that Dodd-Frank Section 21F(h)(1)(A), which the majority found creates ambiguity by incorporating protections provided by SOX, does not expand the statutory definition of whistleblower under Dodd-Frank, but instead identifies which acts done by whistleblowers are protected by Dodd-Frank. In other words, according to Judge Jacobs, Section 21F(h)(1)(A) does not apply to protect a person unless he or she qualifies as a “whistleblower,” as the term is defined by Section 21F(a)(6). Judge Jacobs criticized the majority for disregarding the plain text of Dodd-Frank’s definition of whistleblower and creating an ambiguity in the statute that does not exist solely to expand the reach of the anti-retaliation provisions of Dodd-Frank.

Notably, the Second Circuit’s decision creates a split in authority with the Fifth Circuit Court of Appeals, which came down the opposite way when faced with the same issue in 2013. As a result, this issue is almost surely headed to the Supreme Court for resolution. Further, in holding that Dodd-Frank provides a private right of action for those who report violations only internally, the Second Circuit’s decision may lead to significantly more whistleblower retaliation claims in the future because, in comparison to the SOX whistleblower protections, Dodd-Frank offers a much longer statute of limitations, double back pay damages, and no administrative exhaustion requirement.

On June 10, 2015, the much-anticipated joint final standards (“Final Standards”) issued by six federal agencies (“Agencies”) in accordance with Section 342 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Act”) for assessing the diversity policies and practices of the entities that they regulate (“Covered Entities”) were published and became effective. Covered Entities include financial institutions, investment banking firms, mortgage banking firms, asset management firms, brokers, dealers, financial services entities, underwriters, accountants, investment consultants, and providers of legal services. In issuing the Final Standards, the Agencies stated that their goal is to provide a framework for an entity “to create and strengthen its diversity policies and practices . . . and to promote transparency of organizational diversity and inclusion.”

My colleagues Lauri Rasnick and Dean Singewald have written an Act Now Advisory describing the Final Standards and explaining important steps financial services employers should take now.

Can an employee who blows the whistle on alleged securities law violations within the company (and is therefore protected by the anti-retaliation provision of the Sarbanes-Oxley Act), but does not blow the whistle externally to the SEC, also invoke the more advantageous anti-retaliation protections of the Dodd-Frank Act in a private lawsuit? Or is Dodd-Frank limited to protecting external whistelblowers? There is a growing split of authority on this question among various federal appellate and district courts. On June 17, 2015, the Second Circuit heard oral arguments on this issue in Berman v. Neo@Ogilvy LLC, 14-4626 (2d Cir.); a decision should be forthcoming this year that may or may not deepen the divide.

In the following video clip from a recent webinar, I discuss the split of judicial authority on this issue, the reasons behind it and what is ultimately at stake:

The number of whistleblower complaints is on the rise, according to the 2014 Annual Report to Congress on the Dodd-Frank Whistleblower Program, and defending against them can be costly and disrupt business operations. Taking appropriate steps in response to internal complaints can go a long way toward minimizing the risk that the issue becomes an external dispute at OSHA or in court.

Understanding the Objectives A prompt investigation and an understanding of the objectives of the investigation are paramount. Employers should decide, for example, whether the goal is to create a factual record, prepare an investigative report addressing a particular inquiry or legal consideration, provide a basis for decision making, or serve as a defense in anticipated litigation—or any combination of these objectives. These considerations will determine whether the investigation should be undertaken by a non-attorney or by corporate counsel or outside counsel, or both. For example, if the goal is simply to correct a problem internally, perhaps corporate counsel is appropriate. If, on the other hand, there is a high likelihood that the employee’s complaint will lead to full-blown litigation, outside counsel may be more appropriate. In addition, employers must have a basic understanding of the privileges afforded to attorney work product and attorney-client communications. This is because the choice of investigator can impact whether, and to what extent, these privileges apply to the information adduced during the investigation, which, in turn, will determine whether such information will be protected from disclosure to third parties.

Whistleblowers in Compliance or Audit Functions Employers should also know how to respond to the challenge raised by complaints made by whistleblowers who work in compliance or audit functions or are otherwise responsible for receiving and investigating internal whistleblower complaints. These “trusted” whistleblowers are especially problematic because, while they should be working to investigate and correct the issue internally, they may also decide to blow the whistle themselves and report the matter to outside authorities. Further, while they are generally ineligible for financial awards under the Dodd-Frank whistleblower bounty program, these “trusted” whistleblowers can become eligible for an award if the business takes no corrective action within 120 days after they make an internal complaint. They are also protected by anti-retaliation provisions of Dodd-Frank and SOX.

Training Managers to Receive Complaints One of the most important considerations is making sure that supervisors and managers are trained and understand how to recognize and elevate a whistleblower complaint to the appropriate internal legal or compliance unit, and how to conduct themselves going forward to minimize the risk of a retaliation claim by an employee who blows the whistle. Issues are frequently first raised at the supervisory level, and the sooner that compliance and/or legal professionals receive information about a claim so that they can access the appropriate response, the sooner an internal investigation can commence, when necessary. Further, managing an employee who has made a whistleblower claim can present a host of challenges, particularly if the employee is under-performing and therefore has been or is becoming a candidate for corrective or even disciplinary action. If a current employee raises a whistleblower complaint, it is essential that the alleged wrongdoing is not compounded by retaliation against that employee (or by actions that give the appearance of retaliation). Thus, supervisors and managers should receive periodic training regarding the laws and company policies prohibiting retaliation. They should also understand the need to have any potentially adverse employment actions vetted by the legal department before taking action. Finally, supervisors and managers should be given appropriate support from the legal and/or human resources departments in terms of counseling and advice in dealing with the whistleblower on a day-to-day basis as issues arise, rather than trying to navigate these waters on their own.

The SEC has become increasingly vigilant and aggressive about what employers say in their confidentiality agreements and the context in which they say it. We previously cautioned employers when FINRA issued a Regulatory Notice cracking down on the use of confidentiality provisions that restrict employees from communicating with FINRA, the SEC, or any other self-regulatory organization or regulatory authority. The SEC has now followed suit in In re KBR, Inc., (pdf) the SEC’s first-ever enforcement action against a company for using overly restrictive language in one of its confidentiality agreements. (See, e.g., “SEC Declares Open Season on Employee Agreements,” (Law 360) (subscription required).

The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) amended the Securities and Exchange Act to include the whistleblower incentives and protections set forth in Section 21F. Rule 21F-17 prohibits employers from taking any action to “impede” an employee from communicating with the SEC about a possible securities law violation, including enforcing or threatening to enforce a confidentiality agreement. The SEC’s Chief of the Office of the Whistleblower, Sean McKessy, previously indicated that his office would be analyzing and looking to bring enforcement actions with respect to severance agreements, confidentiality agreements, and employment agreements that violate Rule 21F-17(a), part of the implementing regulations of the Dodd-Frank whistleblower incentive award program (i.e., the “bounty” program).

Interestingly, the SEC selected a very specific and particular type of agreement for its first publicized action: not a severance, employment, or general confidentiality agreement or policy, but rather an agreement that KBR’s compliance investigators required witnesses interviewed in connection with certain internal investigations to sign, warning them that they could face discipline or be fired if they discussed the substance of the interview with outside parties without prior approval from KBR’s legal department. KBR had begun using the form agreement at issue prior to the promulgation of Rule 21F-17.

Although there was no evidence that any KBR employees were ever actually prevented from communicating with the SEC pursuant to the confidentiality agreement, or that KBR took any actions to enforce the terms of the agreement, the SEC found that KBR’s use of the confidentiality agreement was unlawful because it improperly restricted employees from communicating with the SEC about the subject of an interview without KBR’s permission, and it undermined the purpose of Section 21F by discouraging employees from reporting possible SEC rules violations through threat of discipline.

KBR has agreed to pay the SEC $130,000 to settle the charges and voluntarily amended its confidentiality statement to expressly provide that it does not preclude employees from reporting possible violations of law or regulations to any government agency or from making other disclosures protected under federal whistleblower laws. The amended provision also makes clear that employees do not need KBR’s authorization to make such disclosures.

This should serve as a warning that blanket confidentiality provisions that arguably forbid employees from communicating with regulatory agencies, or require pre-approval to do so, unless carefully drafted to comply with Rule 21F-17, may run afoul of federal law. The SEC is fully committed to prosecuting such violations. Employers should therefore carefully review, and revise as necessary, all confidentiality agreements they use – whether in stand-alone agreements, employment agreements, separation agreements, or other policies or standards of conduct – so that they too do not become the targets of SEC enforcement actions or other regulatory scrutiny.

Yesterday, the Supreme Court decided Department of Homeland Security v. MacLean. MacLean was a Transportation Security Administration (TSA) employee who, without authorization, disclosed to a reporter the otherwise unpublicized termination of missions related to hijack prevention. He claimed he was disclosing a matter related to public safety. He was fired pursuant to regulations promulgated under the Homeland Security Act, 116 Stat. 2135. That Act provides that the TSA “shall prescribe regulations prohibiting the disclosure of information . . . if the Under Secretary decides that disclosur[e] would . . . be detrimental to the security of transportation.” 49 U. S. C. §114(r)(1)(C). Around the same time, the TSA promulgated regulations prohibiting the unauthorized disclosure of “sensitive security information.” MacLean was fired pursuant to that regulation. However, the Supreme Court held that the regulation at issue did not have the force of law.

Given the fact that this case involves facts peculiar to governmental entities, one might think it unimportant to non-governmental employers in general, or financial services employers in particular. However, we believe there are two takeaways:

The first takeaway is a reiteration that, contrary to oft-repeated arguments that the Court is pro-business, this case further shows that, with one idiosyncratic exception (Garcetti v. Ceballos, 547 U.S. 410 (2006)), the whistleblower has thus far consistently prevailed at the Supreme Court. Employers should take note of this fact in connection with litigation of False Claims Act, Sarbanes-Oxley, Dodd-Frank, and other whistleblower cases where retaliation might rear its head.

The second takeaway is the theory that not all regulations have the status of actionable laws. This could be an issue for a financial services firm that terminates a whistleblower for violating regulations applicable to the financial services industry.

A final point of interest: This was a 7-2 decision, with Justices Kennedy and Sotomayor dissenting. The majority was, thus, bipartisan, as was the dissent, at least in terms of judicial philosophy.

One of many changes wrought by passage of the Dodd-Frank Act is that employers cannot compel potential whistleblowers to report known or suspected unlawful activity to the company before reporting such information to the Securities Exchange Commission (SEC). Employees are eligible for a bounty award from the SEC even if they do not first – or ever – report internally. The SEC’s position is that mandatory internal reporting could discourage at least some potential whistleblowers. Consistent with that position, SEC Whistleblower Rule 21F–17 provides:

No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by [certain sections of the rules]) with respect to such communications. (17 C.F.R. § 240.21F-17(a)) (emphasis added).

In the following video clip from a recent webinar, I discuss some of the actions employers can take to try to encourage and incentivize employees to report wrongdoing internally:

In its recent decision in Santoro v. Accenture Federal Services, LLC [pdf], the Fourth Circuit Court of Appeals has joined the Fifth Circuit [pdf] in narrowly interpreting the prohibition against predispute arbitration agreements in the Dodd Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”) — and employers can breathe a further sigh of relief.

Dodd-Frank amended the Sarbanes-Oxley Act (“SOX”) to, among other things, prohibit agreements requiring predispute arbitration of SOX claims (see 18 U.S.C. § 1514A(e)(2)). The language Congress used, however, is quite broad, and when the statute was first enacted, caused concern among employers that the prohibition meant that the entire arbitration agreement could be invalidated with respect to all types of claims if SOX claims were not expressly carved out:

“No predispute arbitration agreement shall be valid or enforceable, if the agreement requires arbitration of a dispute arising under this section.”

Compounding the concern, courts in some jurisdictions have extended the reach of this ban, holding that it applies retroactively to agreements made even before Dodd-Frank was enacted, when they would not have had an express carve-out for SOX claims. Indeed, for the most part, court decisions prior to Dodd-Frank had held that SOX whistleblower retaliation claims could be compelled to arbitration.

In this case, Santoro had entered into an employment contract with Accenture Federal Services that contained an arbitration clause requiring all disputes arising out his employment with Accenture to be brought in arbitration. After he was terminated and replaced by a younger employee, Santoro filed a complaint against Accenture in the Eastern District of Virginia, alleging claims under the Age Discrimination in Employment Act, Family and Medical Leave Act, and Employee Retirement Income Security Act – but, significantly, no whistleblower retaliation claims under Dodd-Frank or SOX.

Accenture moved to compel arbitration pursuant to the employment contract, but Santoro argued in opposition that the entire arbitration agreement was invalid under Dodd-Frank. He argued that in the post-Dodd-Frank era, all predispute arbitration agreements lacking a Dodd-Frank carve-out are invalid, even for plaintiffs who are not pursuing any whistleblower claims. In other words, because the contract did not specifically exempt Dodd-Frank claims from arbitration, and thus could allegedly be interpreted as requiring arbitration of such claims, the entire arbitration agreement was invalid. The District Court rejected this argument and Santoro appealed.

Noting first that it was undisputed that the employment contract contained an arbitration agreement and that Santoro’s claims fell within the agreement’s scope, the Court determined that, based on the statutory language and the context surrounding its enactment, Dodd-Frank’s statutory prohibitions against predispute arbitration agreements apply only to the extent such agreements waive or limit judicial resolution of whistleblower retaliation claims:

“Under Dodd-Frank, Congress has protected the right to bring a whistleblower cause of action in a judicial forum, nothing more. . . . Nothing in Dodd-Frank even refers to arbitration apart from this limited reference in [18 U.S.C. § 1514A(e) and 7 U.S.C. § 26(n)] that are otherwise concerned solely with the creation of a cause of action for whistleblowing employees.”

Accordingly, the Court held that Dodd-Frank did not invalidate Santoro’s arbitration agreement because Accenture was not seeking to compel him to arbitrate any whistleblower claims; and, more generally, when there are no whistleblower causes of action at issue in a litigation, Dodd-Frank does not invalidate an enforceable arbitration agreement. While this is a positive outcome for employers, particularly with respect to their older agreements, employers should continue to review their arbitration provisions and agreements going to forward to ensure that they do not require arbitration of whistleblower retaliation claims arising under Section 806 of SOX.

The economy may be improving, but challenges remain for employers in the financial services industry. From ever-increasing whistleblower claims to new diversity and inclusion regulations and recent IRS determinations affecting bonus payments, financial services industry employers will have to navigate a number of new developments and potential pitfalls in 2014. Here are five issues to keep an eye on in the new year. …

Six federal agencies (“Agencies”) subject to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Act”) issued much-anticipated jointly proposed standards in accordance with Section 342 of the Act for assessing the diversity policies and practices of the entities that they regulate in the financial services industry. The proposed standards were published in the Federal Register on October 25, 2013. In issuing the proposed standards, the Agencies stated that their goal is to “promote transparency and awareness of diversity policies and practices” of the covered entities (“Covered Entities”), given the Agencies’ recognition that greater diversity and inclusion “promotes stronger, more effective, and more innovative businesses, as well as opportunities to serve a wider range of customers.”

The Agencies include the Board of Governors of the Federal Reserve System, the Bureau of Consumer Financial Protection, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Securities and Exchange Commission. Each of these Agencies was required, pursuant to Section 342 of the Act, to establish an Office of Minority and Women Inclusion (“OMWI Office”), headed by a Director responsible for all Agency matters concerning diversity in management, employment, and business. In turn, each Director was required to establish standards for assessing the diversity policies and practices of the entities regulated by the Agency. The Covered Entities include financial institutions, investment banking firms, mortgage banking firms, asset management firms, brokers, dealers, financial services entities, underwriters, accountants, investment consultants, and providers of legal services.

Proposed Standards

The proposed standards are divided into four assessment areas: (i) organizational commitment to diversity and inclusion, (ii) workforce profile and employment practices, (iii) procurement and business practices (or supplier diversity), and (iv) practices to promote transparency of organizational diversity and inclusion. The standards for each assessment area are as follows …